Hackers Steal $10M Via LinkedIn

Uploaded on 2024-11-25 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns over a six-month period.  Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. 

According to Microsoft, there are multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the impoverished nation.

In November 2023 Microsoft  reported that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. While their methods have changed throughout the years, the primary scheme used by Sapphire Sleet over the past year and a half is to masquerade as a venture capitalist, feigning interest in investing in the target user’s company. 

The threat actor sets up an online meeting with a target user. On the day of the meeting, when the target user attempts to connect to the meeting, the user receives either a frozen screen or an error message stating that the user should contact the room administrator or support team for assistance. When the target contacts the threat actor, the threat actor sends a script – a .scptfile (Mac) or a Visual Basic Script (.vbs) file (Windows) – to “fix the connection issue”. This script leads to malware being downloaded onto the target user’s device. 

The threat actor then works towards obtaining cryptocurrency wallet credentials on the compromised device, enabling theft.

Sapphire Sleet has been identified masquerading as a recruiters for high profile financial services firms on LinkedIn to reach out to prospective targets and ask them to complete a skills assessment hosted on a website under their control. In some instances, they have also been found using Artificial Intelligence (AI) tools like Faceswap to modify photos and documents stolen from victims or show them against the backdrop of professional-looking settings. These pictures are then used on resumes or profiles, sometimes for several personas, that are submitted for job applications.

 "In addition to using AI to assist with creating images used with job applications, North Korean IT workers are experimenting with other AI technologies such as voice-changing software... The North Korean IT workers appear to be very organised when it comes to tracking payments received. Overall, this group of North Korean IT workers appears to have made at least 370,000 US dollars through their efforts." " Microsoft said.

In response, the US State Department has announced it will pay a reward of up to $10 million for information about individuals associated with these malicious cyber groups linked to North Korea.

Microsoft  |   LinkedIn   |   NKNews   |   Hacker News   |    Fortune  |    Spiceworks      

Image: 

You Might Also Read: 

North Korean IT Contractor Fraud:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 





 

« Cyber Attacks On Britain's Water Supply
Phishing Scheme That Generated $11M Taken Down »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs are a group of IT security specialists, ethical hackers, and researchers driven to identify security flaws before cyber threat actors does.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

Operational Systems (OpSys)

Operational Systems (OpSys)

OpSys is a leading Managed IT and Cyber Security provider protecting the critical elements of businesses across the globe.